Torq's HyperSOC is designed to be customizable, allowing you to configure its settings based on your organization's specific needs. By centralizing key configurations within the Settings > Cases page, you can efficiently manage case behavior, enhancing operational efficiency and clarity.
Available Settings:
Auto Refresh: Set the auto-refresh interval for the Cases page.
Categories: Manage categories for accurate case classification.
Resolution Reasons: Manage the reasons analysts can specify when resolving or closing cases.
States: Create custom states and edit the default ones for accurate tracking.
Public Notes/Comments: Enable the option to mark notes and comments as public.
Auto Refresh Interval
Set how frequently the Cases page refreshes to display new cases.
The page does not auto-refresh by default to prevent unexpected changes during automated updates. Analysts need to manually refresh the page to see case updates.
Alternatively, you can use the Set Case Management Auto Refresh Interval step to adjust the refresh interval automatically. Specify the desired time in seconds for automatic updates.
This setting applies to all users within the workspace.
Categories
Manage categories to keep cases organized, easy to navigate, and accurately classified. Add, edit, or delete categories as needed.
Base Categories
Torq provides the following categories out of the box:
Email Security
Malware
Cloud Security
Identity & Access Management
Application Security
Data Security
For each base category, you can view the associated cases and rename or delete the category. To expand this list, click Add to create new categories.
Renaming or deleting a base category updates it in the available list but does not affect existing cases, which will keep their current category.
Dynamic Categories
The list of dynamic categories is automatically generated based on any additional categories associated with workspace cases beyond the base set.
Dynamic categories cannot be manually edited or deleted; to modify them, update the categories directly within each case.
To view cases associated with a specific category, hover over it and select View Cases.
Resolution Reasons
Manage the reasons analysts can specify when resolving or closing cases to ensure accurate tracking and reporting. Add, edit, or delete resolution reasons as needed.
Base Resolution Reasons
Torq provides the following resolution reasons out of the box:
Duplicate
False positive
True positive - benign
True positive - malicious
You can edit or delete each base resolution reason as needed. To expand the list, click Add to create new resolution reasons.
Editing or deleting a base resolution reason updates it in the available list but does not affect existing cases, which will keep their current resolution reason.
Dynamic Resolution Reasons
The list of dynamic resolution reasons is automatically generated based on any additional resolution reasons associated with workspace cases beyond the base set.
Dynamic resolution reasons cannot be manually edited or deleted; to modify them, update the resolution reasons directly within each case.
States
Customize cases states to match your processes for accurate tracking. Torq’s custom states let you add new states and adjust the default ones to fit your needs.
Default States: The default states are New, In Progress, On Hold, Resolved, and Closed. These states can be renamed.
Custom States: Custom states can be created within one of the default state groups (New, In Progress, On Hold, Resolved, or Closed) to indicate a similar purpose. Learn more about custom states.
To Add a Custom State:
Click Add.
Enter a unique name for the state.
Select a state group from the options: New, In Progress, On Hold, Resolved, or Closed.
State groups cannot be deleted and must always contain at least one state, with a maximum of six states per group.
Hover over a state and click View cases to see all cases currently in that state.
Public Notes/Comments
Enable the option to mark notes and comments as public, distinguishing them from internal communications and indicating their relevance to external stakeholders. Learn more about public notes and comments.
By default, all notes and comments are private. Once this option is enabled, users can manually or automatically mark individual notes or comments as public.
To enable full functionality, a published workflow is required to implement external communications.